Пример #1
0
	/**
	 * Register that we've had a permission failure trying to view the given page
	 *
	 * This will redirect to a login page.
	 * If you don't provide a messageSet, a default will be used.
	 *
	 * @param Controller $controller The controller that you were on to cause the permission
	 *              failure.
	 * @param string|array $messageSet The message to show to the user. This
	 *                                  can be a string, or a map of different
	 *                                  messages for different contexts.
	 *                                  If you pass an array, you can use the
	 *                                  following keys:
	 *                                    - default: The default message
	 *                                    - logInAgain: The message to show
	 *                                                  if the user has just
	 *                                                  logged out and the
	 *                                    - alreadyLoggedIn: The message to
	 *                                                       show if the user
	 *                                                       is already logged
	 *                                                       in and lacks the
	 *                                                       permission to
	 *                                                       access the item.
	 */
	static function permissionFailure($controller = null, $messageSet = null) {
		if(Director::is_ajax()) {
			$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
			$response->setStatusCode(403);
			$response->setBody('NOTLOGGEDIN:');
			return $response;
		} else {
			// Prepare the messageSet provided
			if(!$messageSet) {
				if(self::$default_message_set) {
					$messageSet = self::$default_message_set;
				} else {
					$messageSet = array(
						'default' => _t(
							'Security.NOTEPAGESECURED', 
							"That page is secured. Enter your credentials below and we will send you right along."
						),
						'alreadyLoggedIn' => _t(
							'Security.ALREADYLOGGEDIN', 
							"You don't have access to this page.  If you have another account that can access that page, you can log in below."
						),
						'logInAgain' => _t(
							'Security.LOGGEDOUT',
							"You have been logged out.  If you would like to log in again, enter your credentials below."
						)
					);
				}
			}

			if(!is_array($messageSet)) {
				$messageSet = array('default' => $messageSet);
			}

			// Work out the right message to show
			if(Member::currentUserID()) {
				$message = isset($messageSet['alreadyLoggedIn']) ? $messageSet['alreadyLoggedIn'] : $messageSet['default'];
				if($member = Member::currentUser()) {
					$member->logOut();
				}
			} else if(substr(Director::history(),0,15) == 'Security/logout') {
				$message = $messageSet['logInAgain'] ? $messageSet['logInAgain'] : $messageSet['default'];
			} else {
				$message = $messageSet['default'];
			}

			Session::set("Security.Message.message", $message);
			Session::set("Security.Message.type", 'warning');

			Session::set("BackURL", $_SERVER['REQUEST_URI']);

			// TODO AccessLogEntry needs an extension to handle permission denied errors
			// Audit logging hook
			if($controller) $controller->extend('permissionDenied', $member);

			Director::redirect("Security/login");
		}
		return;
	}
Пример #2
0
 /**
  * Register that we've had a permission failure trying to view the given page
  *
  * This will redirect to a login page.
  * If you don't provide a messageSet, a default will be used.
  *
  * @param Controller $controller The controller that you were on to cause the permission
  *              failure.
  * @param string|array $messageSet The message to show to the user. This
  *                                  can be a string, or a map of different
  *                                  messages for different contexts.
  *                                  If you pass an array, you can use the
  *                                  following keys:
  *                                    - default: The default message
  *                                    - logInAgain: The message to show
  *                                                  if the user has just
  *                                                  logged out and the
  *                                    - alreadyLoggedIn: The message to
  *                                                       show if the user
  *                                                       is already logged
  *                                                       in and lacks the
  *                                                       permission to
  *                                                       access the item.
  */
 static function permissionFailure($controller = null, $messageSet = null)
 {
     // Prepare the messageSet provided
     if (!$messageSet) {
         $messageSet = array('default' => _t('Security.NOTEPAGESECURED', "That page is secured. Enter your credentials below and we will send you right along."), 'alreadyLoggedIn' => _t('Security.ALREADYLOGGEDIN', "You don't have access to this page.  If you have another account that can access that page, you can log in below."), 'logInAgain' => _t('Security.LOGGEDOUT', "You have been logged out.  If you would like to log in again, enter your credentials below."));
     } else {
         if (!is_array($messageSet)) {
             $messageSet = array('default' => $messageSet);
         }
     }
     // Work out the right message to show
     if (Member::currentUserID()) {
         // user_error( 'PermFailure with member', E_USER_ERROR );
         $message = isset($messageSet['alreadyLoggedIn']) ? $messageSet['alreadyLoggedIn'] : $messageSet['default'];
         if ($member = Member::currentUser()) {
             $member->logout();
         }
     } else {
         if (substr(Director::history(), 0, 15) == 'Security/logout') {
             $message = $messageSet['logInAgain'] ? $messageSet['logInAgain'] : $messageSet['default'];
         } else {
             $message = $messageSet['default'];
         }
     }
     Session::set("Security.Message.message", $message);
     Session::set("Security.Message.type", 'warning');
     if (Director::is_ajax()) {
         die('NOTLOGGEDIN:');
     } else {
         Director::redirect("Security/login?BackURL=" . urlencode($_SERVER['REQUEST_URI']));
     }
     return;
 }
 /**
  * Register that we've had a permission failure trying to view the given page
  *
  * This will redirect to a login page.
  * If you don't provide a messageSet, a default will be used.
  *
  * @param Controller $controller The controller that you were on to cause the permission
  *              failure.
  * @param string|array $messageSet The message to show to the user. This
  *                                  can be a string, or a map of different
  *                                  messages for different contexts.
  *                                  If you pass an array, you can use the
  *                                  following keys:
  *                                    - default: The default message
  *                                    - logInAgain: The message to show
  *                                                  if the user has just
  *                                                  logged out and the
  *                                    - alreadyLoggedIn: The message to
  *                                                       show if the user
  *                                                       is already logged
  *                                                       in and lacks the
  *                                                       permission to
  *                                                       access the item.
  *
  * The alreadyLoggedIn value can contain a '%s' placeholder that will be replaced with a link
  * to log in.
  */
 static function permissionFailure($controller = null, $messageSet = null)
 {
     if (!$controller) {
         $controller = Controller::curr();
     }
     if (Director::is_ajax()) {
         $response = $controller ? $controller->getResponse() : new SS_HTTPResponse();
         $response->setStatusCode(403);
         if (!Member::currentUser()) {
             $response->setBody('NOTLOGGEDIN:');
         }
         return $response;
     } else {
         // Prepare the messageSet provided
         if (!$messageSet) {
             if (self::$default_message_set) {
                 $messageSet = self::$default_message_set;
             } else {
                 $messageSet = array('default' => _t('Security.NOTEPAGESECURED', "That page is secured. Enter your credentials below and we will send " . "you right along."), 'alreadyLoggedIn' => _t('Security.ALREADYLOGGEDIN', "You don't have access to this page.  If you have another account that " . "can access that page, you can <a href=\"%s\">log in again</a>.", PR_MEDIUM, "%s will be replaced with a link to log in."), 'logInAgain' => _t('Security.LOGGEDOUT', "You have been logged out.  If you would like to log in again, enter " . "your credentials below."));
             }
         }
         if (!is_array($messageSet)) {
             $messageSet = array('default' => $messageSet);
         }
         // Work out the right message to show
         if (Member::currentUser()) {
             $response = $controller ? $controller->getResponse() : new SS_HTTPResponse();
             $response->setStatusCode(403);
             //If 'alreadyLoggedIn' is not specified in the array, then use the default
             //which should have been specified in the lines above
             if (isset($messageSet['alreadyLoggedIn'])) {
                 $message = $messageSet['alreadyLoggedIn'];
             } else {
                 $message = $messageSet['default'];
             }
             // Replace %s with the log in link
             $body = sprintf($message, Controller::join_links(Director::baseURL(), 'Security/login', '?BackURL=' . urlencode($_SERVER['REQUEST_URI'])));
             $response->setBody($body);
             return $response;
         } else {
             if (substr(Director::history(), 0, 15) == 'Security/logout') {
                 $message = $messageSet['logInAgain'] ? $messageSet['logInAgain'] : $messageSet['default'];
             } else {
                 $message = $messageSet['default'];
             }
         }
         Session::set("Security.Message.message", $message);
         Session::set("Security.Message.type", 'warning');
         Session::set("BackURL", $_SERVER['REQUEST_URI']);
         // TODO AccessLogEntry needs an extension to handle permission denied errors
         // Audit logging hook
         if ($controller) {
             $controller->extend('permissionDenied', $member);
         }
         Director::redirect("Security/login?BackURL=" . urlencode($_SERVER['REQUEST_URI']));
     }
     return;
 }